It can be tempting to stray from the security roadmap security professionals have put in place when data breaches like the Sony and Anthem breaches are all over the news. But experts say it’s crucial to stick to the security basics. Chasing the latest security concern — whether it’s point-of-sale security weaknesses that hackers used to install malware, in the case of Target, or an insufficiently protected database that hackers breached to steal millions of customers’ health insurance records, in the case of Anthem — distracts companies from what they should be doing.
As soon as security professionals sense their company is diverging from its security plan, they should steer it back on course and double down on mastering the basics:
- Where is your most sensitive data located?
- How many applications/servers/endpoint devices do you have to patch and protect?
- Do you have a security awareness program for all your employees?
- Are your office locations and facilities protected from unauthorized access?
- Who do employees call when there’s a security incident?
- Is your network being monitored for malicious traffic?
- Are you collecting logs for your most critical systems?
One might reasonably infer that the lack of validation (i.e. failing to “regularly test security systems and processes”) stems from one of two causes, both of which Foresite helps its customers solve.
1. These organizations love technology, but they have not invested in the PEOPLE needed to provide care and feeding of those technologies. This is the core of the value proposition for our MSSP offering.
2. They know they have a problem and don’t want to admit it: validation produces evidence, and evidence can be used against you. This is also something we can help with, by assisting our overwhelmed customers with identifying the issues, developing cost-effective and creative solutions to help them achieve their goals, and putting together a realistic approach and roadmap to compliance that leverages our experts to deliver results.
With a strong foundation in place, companies can then look into different methods of protection and try to learn from other companies’ mistakes. But without a strong foundation, simply learning from others’ mistakes is not enough.